]> git.ipfire.org Git - thirdparty/git.git/commit
projects / thirdparty / git.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3f6b8a6) | patch
url: do not allow %00 to represent NUL in URLs
authorMatthew DeVore <matvore@google.com>
Tue, 4 Jun 2019 17:57:05 +0000 (10:57 -0700)
committerJunio C Hamano <gitster@pobox.com>
Tue, 4 Jun 2019 21:48:25 +0000 (14:48 -0700)
commitd37dc239a427a367427f9c4fdf12a148ad811968
tree1bb79a242be4a4ffd8361a8b98eed573b2eb66adtree | snapshot
parent3f6b8a6177f3197ddad82a6da2ff9b4704664f5dcommit | diff
url: do not allow %00 to represent NUL in URLs

There is no reason to allow %00 to terminate a string, so do not allow it.
Otherwise, we end up returning arbitrary content in the string (that which is
after the %00) which is effectively hidden from callers and can escape sanity
checks and validation, and possible be used in tandem with a security
vulnerability to introduce a payload.

Helped-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Matthew DeVore <matvore@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
url.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.